SERIF


  • This topic is locked
8 replies to this topic

#1 Erik The Red

Erik The Red

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 12 January 2013 - 05:47 AM

Hey all at Bleeping Computer! Erik here again and I think I may have possibly found another redirect virus, but from common sense I think I may have completely removed it. I was downloading a graphic art program called DrawPlus Starter Edition by Serif? Anyway, when I downloaded it, it automatically installed this Conduit toolbar onto Chrome (which I disabled and removed as soon as I found it was on there). So I ran CCleaner and MBAM (which I have the log for if you would like it) and I used Revo Uninstaller to get rid of the program and all its components. So basically I am just posting this to see if my computer is free of any viruses and if this other program is completely gone, and possibly also to alert you to another internet hijacking virus?

Regards, Erik.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.10.2
Run by David Payne at 21:39:40 on 2013-01-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.16367.12248 [GMT 11:00]
.
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\AstSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\David Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\David Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
uURLSearchHooks: Serif DrawPlus Toolbar: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} -
mURLSearchHooks: Serif DrawPlus Toolbar: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Serif DrawPlus Toolbar: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOVABA~1.LNK - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: novastor.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 211.31.138.11 211.29.132.12 198.142.0.51
TCP: Interfaces\{3F85F45D-9298-4034-9270-F93F098AD7F3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D1774B0E-2068-4C05-B447-D5E5DD3511BC} : DHCPNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-2-7 85048]
R0 inic1620;inic1620;C:\Windows\System32\drivers\inic1620.sys [2010-7-21 36888]
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-1-29 21544]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-2-7 66104]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 Ast Service;Ast Service;C:\Windows\System32\\AstSrv.exe --> C:\Windows\System32\\AstSrv.exe [?]
R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-29 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-13 398184]
R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2011-5-20 369296]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-27 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-27 180224]
R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2012-11-8 1327104]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-29 349800]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2012-11-8 446976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-13 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S2 SmartViewService;Smart View Service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Backup Client Agent Service;Backup Client Agent Service;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2011-5-20 205824]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-4-27 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-27 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-30 1255736]
.
=============== Created Last 30 ================
.
2013-01-12 10:22:31 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BACB308F-C4ED-4D8C-A97B-FDCB7E173329}\offreg.dll
2013-01-12 10:14:01 -------- d-----w- C:\Users\David Payne\AppData\Local\CRE
2013-01-12 10:13:55 -------- d-----w- C:\Program Files (x86)\Conduit
2013-01-12 10:13:54 -------- d-----w- C:\Users\David Payne\AppData\Local\Conduit
2013-01-12 04:30:47 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BACB308F-C4ED-4D8C-A97B-FDCB7E173329}\mpengine.dll
2013-01-09 11:53:10 15739912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-01-08 15:07:03 -------- d-----w- C:\ProgramData\AVS4YOU
2013-01-08 15:06:58 -------- d-----w- C:\Users\David Payne\AppData\Roaming\AVS4YOU
2013-01-08 15:05:32 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2013-01-08 15:05:30 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2013-01-08 15:05:26 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-01-08 15:05:26 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-01-08 15:05:26 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2013-01-08 06:51:20 -------- d-----w- C:\Users\David Payne\AppData\Local\WMTools Downloaded Files
2013-01-08 06:48:27 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6
2013-01-08 06:18:33 -------- d-----w- C:\Windows\en
2013-01-08 06:18:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-01-08 06:09:27 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b4f299141cded6604\DSETUP.dll
2013-01-08 06:09:27 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b4f299141cded6604\DXSETUP.exe
2013-01-08 06:09:27 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b4f299141cded6604\dsetup32.dll
2013-01-08 06:09:23 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b2c243601cded6603\DSETUP.dll
2013-01-08 06:09:23 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b2c243601cded6603\DXSETUP.exe
2013-01-08 06:09:23 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b2c243601cded6603\dsetup32.dll
2013-01-08 06:09:18 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b06314cc1cded6601\DSETUP.dll
2013-01-08 06:09:18 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b06314cc1cded6601\DXSETUP.exe
2013-01-08 06:09:18 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b06314cc1cded6601\dsetup32.dll
2013-01-08 06:09:12 -------- d-----w- C:\Users\David Payne\AppData\Local\Windows Live
2013-01-07 05:03:32 -------- d-----w- C:\Users\David Payne\AppData\Local\Darksiders
2013-01-05 16:20:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-01-03 15:28:00 -------- d-----w- C:\Program Files (x86)\Audacity
2013-01-03 15:24:50 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-03 15:17:42 -------- d-----w- C:\Video
2013-01-03 15:17:42 -------- d-----w- C:\Music
2013-01-03 14:35:07 57344 ----a-w- C:\Windows\WNMHINDR.EXE
2013-01-03 14:35:07 24576 ----a-w- C:\Windows\SysWow64\NMH040A.DLL
2013-01-03 14:34:47 258048 ----a-w- C:\Windows\SysWow64\drmclien.dll
2013-01-03 14:34:10 724992 ----a-w- C:\Windows\iun6002.exe
2013-01-03 14:34:06 -------- d-----w- C:\Program Files (x86)\DivX
2013-01-03 14:34:03 -------- d-----w- C:\Program Files (x86)\Home Media Networks Limited
2013-01-03 14:32:24 -------- d-----w- C:\Program Files (x86)\HmelyoffLabs
2013-01-02 16:10:52 -------- d-sh--w- C:\ProgramData\DSS
2013-01-02 16:08:21 -------- d-----w- C:\Users\David Payne\AppData\Roaming\Lionhead Studios
2013-01-02 16:05:52 -------- d-----w- C:\Windows\SysWow64\xlive
2013-01-02 16:05:45 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-01-02 13:57:32 -------- d-----w- C:\Users\David Payne\AppData\Local\PAYDAY
2012-12-31 19:20:59 -------- d-----w- C:\Users\David Payne\AppData\Roaming\WinPatrol
2012-12-31 19:20:52 -------- d-----w- C:\ProgramData\InstallMate
2012-12-31 19:20:52 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-12-31 19:18:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-28 15:23:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-28 15:23:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-28 15:23:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-28 15:23:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-28 14:14:30 -------- d-----w- C:\Users\David Payne\AppData\Local\Programs
2012-12-28 14:04:45 -------- d-----w- C:\Program Files\CCleaner
2012-12-28 13:59:54 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-28 13:33:27 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-12-26 13:43:51 -------- d-----w- C:\Users\David Payne\AppData\Roaming\ACD Systems
2012-12-26 13:43:51 -------- d-----w- C:\Users\David Payne\AppData\Local\ACD Systems
2012-12-26 13:34:04 -------- d-----w- C:\ProgramData\ACD Systems
2012-12-26 13:33:55 -------- d-----w- C:\Program Files\Common Files\ACD Systems
2012-12-26 13:33:55 -------- d-----w- C:\Program Files\ACD Systems
2012-12-25 01:55:23 -------- d-----w- C:\Program Files (x86)\StarCraft
2012-12-25 01:55:23 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-12-24 15:08:45 -------- d-----w- C:\Users\David Payne\AppData\Roaming\LolClient
2012-12-24 14:38:24 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-12-24 14:38:24 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-12-24 14:38:24 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-12-24 14:32:16 -------- d-----w- C:\Riot Games
2012-12-24 13:07:22 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-12-18 06:31:40 -------- d-----w- C:\Users\David Payne\AppData\Roaming\TS3Client
2012-12-18 06:31:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2012-12-17 15:34:34 -------- d-----w- C:\Users\David Payne\AppData\Roaming\Unity
2012-12-17 15:28:03 -------- d-----w- C:\Users\David Payne\AppData\Local\Unity
2012-12-15 14:16:13 -------- d-----w- C:\Fraps
2012-12-15 14:08:23 -------- d-----w- C:\Users\David Payne\AppData\Roaming\BANDISOFT
2012-12-15 14:07:43 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2012-12-14 09:49:14 -------- d-----w- C:\ProgramData\Solidshield
.
==================== Find3M ====================
.
2013-01-12 04:05:22 25640 ----a-w- C:\Windows\gdrv.sys
2013-01-09 11:53:53 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 11:53:53 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-26 05:38:22 281392 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-26 05:38:22 281392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-25 10:23:12 281392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-14 08:17:44 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-03 04:22:17 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-03 04:22:17 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-30 11:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 21:40:52.79 ===============


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:22 AM

Posted 14 January 2013 - 04:23 AM

Hi,

There are just a few leftovers to deal with here.

Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}"=-

Save this as fix.reg (choose to save as *all files*) and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents into the registry, click yes/ok.

Then, navigate to and delete the following folders:

C:\Program Files (x86)\Conduit
C:\Users\David Payne\AppData\Local\Conduit

For future reference, when you install a program, always read the EULA and install screens, because that's where these additional toolbars are listed, which you can basically uncheck during install (so it doesn't install the additional toolbars).
Also see here: http://miekiemoes.blogspot.be/2012/01/unwanted-toolbars.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
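As an added example (not part of this thread, and not DDS's or the helper's own code), here is a small Python parser for the DDS "Pseudo HJT Report" and "Created Last 30" sections that flags browser hooks with no backing file (the `-` and `<orphaned>` entries the helper picked out above), lists recently created Conduit folders, and emits a REGEDIT4 fix in the shape of the fix.reg posted above. The log excerpt and all function names are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed excerpt modelled on the DDS log posted earlier in this thread
# (a backed BHO, orphaned entries and the two Conduit folders); not the full log.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Serif DrawPlus Toolbar: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} -
mURLSearchHooks: Serif DrawPlus Toolbar: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: Serif DrawPlus Toolbar: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} -
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
=============== Created Last 30 ================
.
2013-01-12 10:13:55 -------- d-----w- C:\Program Files (x86)\Conduit
2013-01-12 10:13:54 -------- d-----w- C:\Users\David Payne\AppData\Local\Conduit
2013-01-09 11:53:10 15739912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-01-03 15:28:00 -------- d-----w- C:\Program Files (x86)\Audacity
.
============= FINISH: 21:40:52.79 ===============
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Browser-hook lines: "<kind>: <name>: {CLSID} - <backing file>"; the file part is
# empty or "<orphaned>" when the registry entry points at nothing on disk.
HOOK_RE = re.compile(
    r"^(?P<kind>(?:x64-)?(?:[um]?URLSearchHooks|BHO|TB|Handler|Filter)):\s*"
    r"(?P<name>.*?)\s*(?P<clsid>" + CLSID + r")\s*-?\s*(?P<path>.*?)\s*$"
)
# "Created Last 30" lines: timestamp, size (or dashes), attribute flags, path.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"(?P<attrs>[d-][-a-z]{7})\s+(?P<path>.+?)\s*$"
)
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"


@dataclass
class HookEntry:
    kind: str   # DDS prefix, e.g. "TB", "BHO", "uURLSearchHooks", "x64-Handler"
    name: str   # display name DDS recovered for the object
    clsid: str  # COM class id the hook is registered under
    path: str   # backing DLL/EXE, or "" / "<orphaned>" when DDS found none

    @property
    def orphaned(self) -> bool:
        return self.path in ("", "<orphaned>")


def parse_hook_entries(log: str) -> List[HookEntry]:
    """Every CLSID-backed browser hook listed in the Pseudo HJT Report."""
    entries = []
    for line in log.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            entries.append(HookEntry(m["kind"], m["name"].rstrip(": -").strip(),
                                     m["clsid"], m["path"]))
    return entries


def orphaned_clsids(log: str, kinds: Optional[Iterable[str]] = None) -> List[str]:
    """CLSIDs of hooks with no backing file, optionally limited to some kinds
    (e.g. ("TB", "x64-TB") for toolbar registrations); first spelling is kept."""
    wanted = set(kinds) if kinds else None
    seen, out = set(), []
    for e in parse_hook_entries(log):
        if not e.orphaned or (wanted and e.kind not in wanted):
            continue
        if e.clsid.lower() not in seen:
            seen.add(e.clsid.lower())
            out.append(e.clsid)
    return out


def recent_dirs_matching(log: str, keywords: Iterable[str] = ("conduit",)) -> List[str]:
    """Directories in "Created Last 30" whose path contains one of the keywords."""
    hits = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if (m and m["attrs"].startswith("d")
                and any(k.lower() in m["path"].lower() for k in keywords)):
            hits.append(m["path"])
    return hits


def build_toolbar_fix_reg(clsids: Iterable[str]) -> str:
    """REGEDIT4 text in the shape of the helper's fix.reg: "<value>"=- deletes that
    value from the IE Toolbar key. Only that key is emitted here; the matching
    URLSearchHooks registrations live under other keys and are left alone."""
    lines = ["REGEDIT4", "", f"[{TOOLBAR_KEY}]"] + [f'"{c}"=-' for c in clsids]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for e in parse_hook_entries(SAMPLE_LOG):
        print(f"{'ORPHANED' if e.orphaned else 'ok':8} {e.kind:16} {e.name:24} {e.clsid}")
    print("recent Conduit folders:", recent_dirs_matching(SAMPLE_LOG))
    print(build_toolbar_fix_reg(orphaned_clsids(SAMPLE_LOG, kinds=("TB", "x64-TB"))))
```

Run against a full DDS log, the orphaned-entry list is what to review by hand; a missing backing file means the registration is a leftover, not that anything is still executing.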

#3 Erik The Red

Erik The Red
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 14 January 2013 - 09:31 AM

Hey, thanks for the help :) Did what you said and deleted the first folder, but when I try to get to the second folder it's not there, and when I go into Run a screen comes up and asks me to pick a program to run it with, and so I picked Notepad; all that comes up is this.

Thanks again!

Regards, Erik.

===========================================================================
Interface List
11...1c 6f 65 94 10 c0 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:22 AM

Posted 14 January 2013 - 09:37 AM

Hi,

You probably didn't set it to show hidden files and folders, so to show them: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/
Then you should be able to see the C:\Users\David Payne\AppData\Local\Conduit folder :)

#5 Erik The Red

Erik The Red
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 14 January 2013 - 09:47 AM

Thanks that worked perfectly, seems to be all clear :) Thanks heaps for that! Need any other logs or anything?

Regards, Erik.

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:22 AM

Posted 14 January 2013 - 09:50 AM

Good to hear :)
No need for new logs - if you could delete what I asked you to delete, you should be fine :)

The conduit toolbar wasn't really harming though - just not recommended :)

#7 Erik The Red

Erik The Red
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 14 January 2013 - 09:59 AM

Great, thanks again for the help! :) Good to know. Some short time ago I managed to get Privitize VPN installed, so I figured I couldn't be too careful! You people are amazing over here and I'll recommend you to anyone! Have a great night!

Regards, Erik.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:22 AM

Posted 14 January 2013 - 10:01 AM

You're most welcome :)

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:22 AM

Posted 19 January 2013 - 01:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.